COMPACFLT - EDAC Enterprise Dynamic Access Control (EDAC) Point of Contact: Richard Fernandez (808) 474-9270 Approved for public release; distribution.

Presentation transcript:

COMPACFLT - EDAC
Enterprise Dynamic Access Control (EDAC)
Point of Contact: Richard Fernandez (808)
Approved for public release; distribution is unlimited.

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) , facsimile (619) Reference Navy Case Numbers 96217, 97188, "

COMPACFLT - EDAC
For licensing information contact: Stephen Lieberman Voice: (619) Mobile: (619)
For comments regarding this product contact: Richard Fernandez Voice: (808)

Outline
- Access control background
- Access control lists
- Groups
- NIST RBAC standard
- SEAC RBAC
- Customer furnished and maintained assets
- How it works
- Product overview
- Interoperability

Access Control Lists (ACL)
User name or unique identifier associates access to resources

Groups
User associated to a group and group associated to resources

Essentials for resource access
Necessary requirement to access resources:
- Not a user name
- Not a unique identifier
- Not a group association
- List of user characteristics

What are user characteristics
User characteristics (user profile):
- Where client works: organization
- What security credentials: clearance
- What pay category: pay grade
- What branch: service
- What vocation: job function
- etc.

Examples of User Profiles

Categories      COMPACFLT          USNR
Organization:   CPF N65            Naval Intel
Clearance:      Secret             Top Secret
Paygrade:       DP3                02
Service:        DoD                DoNR
Function:       Program Manager    Intelligence

User profile is a unique list of user characteristics.
A client may have more than one user profile.
User attributes should be compiled from an authoritative data source(s) on a real-time basis.

Impact on resource access
The following can affect resource access:
- Transfer to another organization
- Loss of security clearance
- Change in job title
- Job promotion

Problems with ACLs and Groups
Maintaining an updated ACL or group is time consuming. The situation worsens when:
- Number of users increases
- Number of resources increases

NIST RBAC compliance
Because of ACL and group limitations: The National Institute of Standards and Technology (NIST) RBAC is an American National Standard - ANSI INCITS (approved 19 Feb 04)

NIST RBAC standard
Definitions:
- Users and Roles: "…access decisions are based on the roles that individual users have as part of an organization." "Access rights are grouped by role name…"
- Role hierarchies: "Under RBAC, roles can have overlapping responsibilities and privileges;"
- Roles and Operations: "Organizations can establish the rules for the association of operations with roles."

Access control comparison
How access control solutions can simultaneously evaluate user characteristics.

Customer meta-database background
Relational database data duplicated on a directory service.

Customer meta-database specifications
- Customer meta-database: LDAP v3/DSML directory
- X500 class objects: organization, organizationalUnit
- Scalable: unlimited entries, modifications allowed
- Structure designation: domain reference, category values
- Structure: flat, hierarchical
- Maintained: local commands, regional commands

Customer meta-database domain
A domain consists of global and regional directories.

User Profile Manager
User selects a profile to determine resource access.
Management constraints on user profile selections.

How the EDAC works
Step 1: Resource manager establishes a set of conditions to access a resource. This set of conditions represents a resource profile.

How the EDAC works
Step 2: An effective RBAC requires real-time creation of user profile(s) from authoritative data source(s).

How the EDAC works
Step 3: The RBAC Rules Engine compares User and Resource Profiles to determine resource access.

EDAC – Resource profiles
- Resource roles
- Allow & Deny profiles
- Exact and subtree conditions
- Time constraints

EDAC – Security levels
Pre-configure conditions under each security level.
RBAC Rules Engine evaluates only conditions for prevailing security level.
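
An added sketch, not EDAC's own code, of how a rules engine can compare a user profile with a resource profile using allow and deny profiles, exact and subtree conditions, time constraints and per-security-level conditions. Assumptions not stated in the slides: hierarchical category values are written as "/"-separated paths, a deny match overrides any allow match, no match means no access, and the level names, the "Contractor" value and the report resource are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass(frozen=True)
class Condition:
    category: str           # user characteristic, e.g. "organization"
    value: str              # category value; "/" separates hierarchy levels (assumed)
    subtree: bool = False   # False = exact match, True = value or any descendant

    def matches(self, user: dict) -> bool:
        actual = user.get(self.category)
        if actual is None:
            return False    # a missing characteristic never satisfies a condition
        if actual == self.value:
            return True
        # The "/" suffix stops "CPFX/N1" from matching a subtree rooted at "CPF".
        return self.subtree and actual.startswith(self.value + "/")


@dataclass
class Profile:
    """One allow or deny profile: all conditions must hold inside the time window."""
    conditions: list
    start: time = time.min  # same-day window only; no wrap past midnight
    end: time = time.max

    def matches(self, user: dict, now: datetime) -> bool:
        return (self.start <= now.time() <= self.end
                and all(c.matches(user) for c in self.conditions))


@dataclass
class ResourceProfile:
    # security level -> {"allow": [Profile, ...], "deny": [Profile, ...]}
    levels: dict = field(default_factory=dict)


def decide(resource: ResourceProfile, user: dict, level: str, now: datetime) -> bool:
    """Evaluate only the conditions configured for the prevailing security level."""
    rules = resource.levels.get(level)
    if rules is None:
        return False        # nothing configured for this level: default deny
    if any(p.matches(user, now) for p in rules.get("deny", [])):
        return False        # assumed precedence: deny overrides allow
    return any(p.matches(user, now) for p in rules.get("allow", []))


# User profiles taken from the slide's example table (the path form is an assumption).
COMPACFLT_USER = {"organization": "CPF/N65", "clearance": "Secret",
                  "paygrade": "DP3", "service": "DoD", "function": "Program Manager"}
USNR_USER = {"organization": "Naval Intel", "clearance": "Top Secret",
             "paygrade": "02", "service": "DoNR", "function": "Intelligence"}

# Constructed resource profile for a hypothetical report.
REPORT = ResourceProfile(levels={
    "normal": {
        "allow": [Profile([Condition("organization", "CPF", subtree=True),
                           Condition("clearance", "Secret")],
                          start=time(6, 0), end=time(18, 0))],
        "deny": [Profile([Condition("function", "Contractor")])],
    },
    "elevated": {
        "allow": [Profile([Condition("organization", "CPF/N65"),
                           Condition("function", "Program Manager")])],
        "deny": [],
    },
})

if __name__ == "__main__":
    ten_am = datetime(2024, 1, 8, 10, 0)
    print("COMPACFLT user, normal level:", decide(REPORT, COMPACFLT_USER, "normal", ten_am))
    # A transfer changes the profile, so access changes without editing any ACL or group.
    transferred = dict(COMPACFLT_USER, organization="NAVSEA/05")  # constructed value
    print("after transfer:", decide(REPORT, transferred, "normal", ten_am))
    print("elevated level:", decide(REPORT, COMPACFLT_USER, "elevated", ten_am))
```

The transfer case shows the point made under "Impact on resource access": the decision follows the regenerated user profile, so no per-user list has to be updated.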

EDAC – Model
EDAC standard initiative:
- Interchangeable modular access control components
- Minimum salient features
- Protocol between components
- Standard tie-ins between customer assets and access control system

EDAC – Interoperability
EDAC interoperable among regions:
- Set conditional access for remote users
- Domain customer meta-databases

EDAC - Interoperability
Pearl Harbor: resource profile created for local resource access.

EDAC - Interoperability
Pearl Harbor: local user profile is generated to access a local resource.

EDAC - Interoperability
Pearl Harbor: user and resource profiles are evaluated by rules engine to determine local resource access.

EDAC - Interoperability
Pearl Harbor: A resource profile to allow remote users access to local resources.

EDAC - Interoperability
San Diego: user profile generated.

EDAC - Interoperability
Pearl Harbor: San Diego user evaluated for Pearl Harbor resource access.

EDAC - Interoperability
San Diego: same user evaluated for San Diego resource access.
